Holded

Audited by ClawScan on May 10, 2026.

Overview

This looks like a real Holded/Membrane integration, but it can act on sensitive business and accounting data without clearly documented approval limits.

Install only if you trust Membrane and intend to let it access your Holded organization. Use a least-privileged account, pin or review the CLI if possible, and require explicit confirmation before creating invoices, sales orders, payments, purchases, or other business-record changes.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could create or change important business records if invoked with the wrong intent or parameters.

Why it was flagged

The skill enables broad action execution against Holded, including creation of financial or sales documents, but the visible instructions do not define approval checks or limits for high-impact mutations.

Skill content

Use action names and parameters as needed. ... | Create Document | create-document | Create a new document (invoice, sales order, etc.) in Holded |
Recommendation

Require explicit user approval before any create, update, delete, payment, invoice, purchase order, or other financial/account-mutating action, and prefer read/list actions first.

What this means

Anyone using the skill should understand which Holded account and permissions the Membrane connection can use.

Why it was flagged

The skill relies on delegated Membrane/Holded authentication. This is expected for the integration, but it gives the connected account ongoing authority.

Skill content

Membrane handles authentication and credentials refresh automatically
Recommendation

Connect with the least-privileged Holded/Membrane account that supports the intended task and review or revoke the connection when no longer needed.

What this means

Installing a global CLI gives external package code the ability to execute locally, both during installation and on every later use.

Why it was flagged

The setup installs a global npm package at its latest version. This is central to the stated Membrane workflow, but the version is unpinned and the package itself lies outside the instruction-only artifact that was reviewed.

Skill content

npm install -g @membranehq/cli@latest
Recommendation

Install the CLI only from the trusted npm package source, consider pinning a known-good version, and review the package before use in sensitive environments.

What this means

Business data returned from Holded and commands sent to Holded may pass through the Membrane service/account connection.

Why it was flagged

Holded data and actions are routed through Membrane as an external integration layer. This is disclosed and purpose-aligned, but it is a third-party data and control boundary.

Skill content

This skill uses the Membrane CLI to interact with Holded.
Recommendation

Use a trusted Membrane account, verify the connection target is Holded, and avoid sending unnecessary sensitive data through the integration.